50748 matches found
Ransom.Conti MVID-2022-0605 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/146ec3f6c262d0f287e67ddb3cc69892.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Ransom.Conti MVID-2022-0602 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7ba20fce7ac259f6062f73290c2e28cf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
HighCMS/HighPortal 12.x SQL Injection
Exploit Title: HighCMS/HighPortal v12.x SQL Inj Type : WEBAPPS "HighCMS/HighPortal" Platform : ASP.NET Date : 4/23/2022 Exploit Author : E1.Coders Software Link : https://aryanic.com/page/portal Version : v12.x Category : Webapps Tested on: Linux/Windows Google Dork:...
Ransom.Conti MVID-2022-0606 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/eedd1cfc7acd012bbec464aebc679ee4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Ransom.Conti MVID-2022-0601 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/b485c36f28c5c967a50001c9e8d2c29c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
WordPress WP Event Manager 3.1.27 Cross Site Scripting
Exploit Title: WordPress Plugin WP Event Manager - Stored Cross Site Scripting Date: 15-05-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/wp-event-manager/ Version: 3.1.27 Tested on: Firefox Contact me: [email protected] Steps To Reproduce...
Ransom.Conti MVID-2022-0603 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/6748dfe8e64dea2fc4c14691f7e766c6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
IpMatcher 1.0.4.1 Server-Side Request Forgery
Exploit Title: SSRF in .NET C IpMatcher v1.0.4.1 and below NuGet package: CVE-2021-33318 IpMatcher v1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2. incorrectly validates octal & hexadecimal input data, leading to indeterminate SSRF, LFI, RFI, and DoS vectors. Date: 22/09/2022 Exploi...
Zyxel Firewall ZTP Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall ZTP Unauthenticated Command Injection', 'Description' = %q This module exploits CVE-2022-30525, an unauthenticated remote command...
Ransom.Conti MVID-2022-0604 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/0c4502d6655264a9aa420274a0ddeaeb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Royal Event Management System 1.0 SQL Injection
Exploit Title: Royal Event Management System 1.0 - 'todate' SQL Injection Authenticated Date: 2022-26-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software Link:...
F5 BIG-IP iControl Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP iControl RCE via REST Authentication Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in the F5...
F5 BIG-IP 16.0.x Remote Code Execution
Exploit Title: F5 BIG-IP 16.0.x - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 16.0.x CVE : CVE-2022-1388 from requests import Request, Session import sys import json def title: print''' / \ \ / / | | \ / \ | \ / | ...
Ransom.REvil MVID-2022-0600 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/daab2c9d58acc367032f32bb8097e310.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Ransom.REvil MVID-2022-0597 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7ff073cc9e4e6750ba52135ba02ee531.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Ransom.REvil MVID-2022-0595 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7a96d7a1f28bfb6ae36a15263a8a7135.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
TLR-2005KSH Arbitrary File Delete
Exploit Title: TLR-2005KSH - Arbitrary File Delete Date: 2022-05-11 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-46424 Proof-of-Concept Request DELETE /cgi-bin/test2.t...
Ransom.REvil MVID-2022-0599 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/ab1aaa8f96c61684736da00ece5a9c83.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Ransom.REvil MVID-2022-0598 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/c9bf7216cdc2673bf4ee2af8b19bcfc8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Ransom.REvil MVID-2022-0596 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8ca35b7867e23a1bbb0fea6d51fc1b61.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
College Management System 1.0 SQL Injection
Exploit Title: College Management System - 'coursecode' SQL Injection Authenticated Date: 2022-24-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://code-projects.org/college-management-system-in-php-with-source-code/ Software Link:...
Microsoft CMD.EXE Integer Overflow
Hi @ll, the subject says it all: a 25 year old TRIVIAL signed integer arithmetic bug which may well have earned a PhD now crashes Windows' command interpreter CMD.exe via its builtin SET command. See their documentation: Classification CWE-190: Integer Overflow or Wraparound CWE-248: Uncaught...
ImpressCMS 1.4.4 Arbitrary File Upload
Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Date: 7/4/2022 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...
UDisk Monitor Z5 Phone 2.0.3.0 Unquoted Service Path
Exploit Title: UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path Discovery by: Edgar Carrillo Egea // https://twitter.com/ecarrilloeg Discovery Date: 2022-04-24 Vendor Homepage: https://www.zte.com.cn/global/ Tested Version: 2.0.3.0 Vulnerability Type: Unquoted Service Path...
TCQ Unquoted Service Path
Exploit Title: TCQ - 'ITeCProteccioAppServer.exe' Unquoted Service Path Discovery by: Edgar Carrillo Egea - https://twitter.com/ecarrilloeg Discovery Date: 2022-04-25 Vendor Homepage: https://itec.es/programas/ Vulnerability Type: Unquoted Service Path Privilege Escalation Tested on OS: Microsoft...
DLINK DIR850 Insecure Direct Object Reference
Exploit Title: DLINK DIR850 - Insecure Access Control Product: Dlink Model: DIR850 Date: 14/1/2022 CVE : CVE-2021-46378 Exploit Author: Ahmed Alroky Hardware version: b1 Firmware version: ET850-1.08TRb03 Vendor home page: https://www.dlink.com/ Exploit : Visit http:///config.dat...
Magento eCommerce CE 2.3.5-p2 SQL Injection
Exploit Title: Magento eCommerce CE v2.3.5-p2 - Blind SQLi Date: 2021-4-21 Exploit Author: Aydin Naserifard Vendor Homepage: https://www.adobe.com/ Software Link: https://github.com/magento/magento2/releases/tag/2.3.5-p2 Version: 2.3.5-p2 Tested on: 2.3.5-p2 POC: 1PUT...
TLR-2005KSH Arbitrary File Upload
Exploit Title: TLR-2005KSH - Arbitrary File Upload Date: 2022-05-11 Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428...
Bitrix24 Remtoe Code Execution
Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated Date: 4/22/2022 Exploit Author: picaroo Vendor Homepage: https://www.bitrix24.com/apps/desktop.php Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...
Wondershare Dr.Fone 12.0.7 Privilege Escalation
Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation ElevationService Date: 4/27/2022 Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on: Window...
WordPress Blue Admin 21.06.01 Cross Site Request Forgery
Exploit Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Date: 2021-07-27 Exploit Author : Abisheik M Vendor Homepage : https://wpscan.com/plugin/blue-admi Version : alert/XSS/' /...
ManageEngine ADSelfService Plus Build 6118 NTLMv2 Hash Exposure
Exploit Title: ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Details:...
WordPress Advanced Uploader 4.2 Shell Upload
Exploit Title: WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload Authenticated Google Dork: - Date: 2022-03-13 Exploit Author: Roel van Beurden Vendor Homepage: - Software Link: https://downloads.wordpress.org/plugin/advanced-uploader.4.2.zip Version: =4.2 Tested on: WordPress 5.9 on...
DLINK DIR850 Open Redirection
Exploit Title: DLINK DIR850 - Open Redirect Product: Dlink Model: DIR850 Date: 14/1/2022 CVE: CVE-2021-46379 Exploit Author: AhmedAlroky Hardware version: b1 Firmware version: ET850-1.08TRb03 Vendor home page: https://www.dlink.com/ Exploit : Visit...
Navigate CMS 2.9.4 Server-Side Request Forgery
!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...
Akka HTTP 10.1.14 Denial Of Service
Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...
Beehive Forum 1.5.2 Account Takeover
Exploit Title: Beehive Forum - Account Takeover Date:08/05/2022. Exploit Author: Pablo Santiago Vendor Homepage: https://www.beehiveforum.co.uk/ Software Link: https://sourceforge.net/projects/beehiveforum/ Version: 1.5.2 Tested on: Kali Linux and Ubuntu 20.0.4 CVE N/A PoC:...
ExifTool 12.23 Arbitrary Code Execution
Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Date: 04/30/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE:...
e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting
Exploit Title: e107 CMS v3.2.1 - Multiple Vulnerabilities Date: 30/04/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 3.2.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64...
WebTareas 2.4 SQL Injection
Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...
CSZ CMS 1.3.0 SQL Injection
Exploit Title: CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Date: 2021-04-22 Exploit Author: Dogukan Dincer Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Version: 1.3.0 Tested on: Kali Linux, Windows 10, PHP 7.2.4...
SAP BusinessObjects Intelligence 4.3 XML Injection
Exploit Title: SAP BusinessObjects Intelligence 4.3 - XML External Entity XXE Google Dork: N/A Date: 4/21/2022 Exploit Author: West Shepherd Vendor Homepage: https://www.sap.com/ Software Link: https://www.sap.com/ Version: 4.2 and 4.3 Tested on: Windows Server 2019 x64 CVE : CVE-2022-28213...
DLINK DAP-1620 A1 1.01 Directory Traversal
Exploit Title: DLINK DAP-1620 A1 v1.01 - Directory Traversal Date: 27/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://me.dlink.com/consumer Version: DAP-1620 - A1 v1.01 Tested on: Linux CVE : CVE-2021-46381 POST /apply.cgi HTTP/1.1 Content-Type:...
Joomla SexyPolling 2.1.7 SQL Injection
Exploit Title: Joomla Plugin SexyPolling 2.1.7 - SQLi Google Dork: intext:"Powered by Sexy Polling" Date: 2022-02-08 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://2glux.com/projects/sexypolling Software Link: https://2glux.com/downloads/files/free/sexypollingpack2.1.72glux.com.zip...
Bookeen Notea BK_R_1.0.5_20210608 Directory Traversal
Exploit Title: Bookeen Notea - Directory Traversal Date: December 2021 Exploit Author: Clement MAILLIOUX Vendor Homepage: https://bookeen.com/ Software Link: N/A Version: BKR1.0.520210608 Tested on: Bookeen Notea Android 8.1 CVE : CVE 2021-45783 The affected version of the Bookeen Notea System...
Cyclos 4.14.7 Cross Site Scripting
Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting XSS Date: 17/04/2021 Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31673 Description: A...
PyScript 2022-05-04-Alpha Source Code Disclosure
Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Date: 5-9-2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE :...
Wondershare Dr.Fone 12.0.7 Privilege Escalation
Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation InstallAssistService Date: 4/27/2022 Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on:...
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV340 SSL VPN Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a stack buffer overflow in the Cisco RV serie...
Anuko Time Tracker 1.20.0.5640 SQL Injection
Exploit Title: Anuko Time Tracker - SQLi Authenticated Date: 2022-05-03 Exploit Author: Altelus Vendor Homepage: https://www.anuko.com/ Software Link: https://github.com/anuko/timetracker/tree/0924ef499c2b0833a20c2d180b04fa70c6484b6d Version: Anuko Time Tracker 1.20.0.5640 Tested on: Linux CVE :...